How to use Fiddler ?

Fiddler is a free and open-source packet analyzer. 
Usage 

• Network troubleshooting
  Analysis software
  Communications protocol development

Fiddler captures HTTP and HTTPS traffic data between browsers and servers.

Overview
Fiddler sits between the HTTP client and server and listened on a port.
The requests is sent to Fiddler proxy bridge rather than the real server, Fiddler forward the request to server and receive the response and then back to browser.



Using Fiddler
Download and install Fiddler.

Check overall Web sessions
Open a web page in a browser.
Fiddler lists the web requests in web sessions panel, while if you visit more web pages, the recorded requests will continue growing and keep in order.
Information displayed in web session :

• # Request ID generated by Fiddler
• Result : Result code from the HTTP response
• Protocol : The protocol (HTTP / HTTPS / FTP) used by this session
• Host : Hostname of the server to which the request was sent
• URL : The path and file requested from the server
• Body : The number of bytes in the response body
• Caching : Values from the response’s expires or Cache-Control headers
• Process : The local Windows process from which the traffic originated
• Content-Type : The Content-Type header from the response
• Custom : A text field you can set via scripting
• Comments : A text field you can set from scripting or the session’s context menu

  
Check Inspectors

Click on a HTTP session, then it will display "Inspectors" tab.

Request Inspectors

• Headers : Request headers and status
• TextView : Request body
• WebForms : Request parameters and fields data
• HexView : Request body in a hexadecimal view
• Auth : Authentication parameters
• Cookies : Cookies data in key / value pairs
• XML , JSON : Request body as an XML DOM in a tree view or JSON

Response Inspectors

• Transformer : Removes GZip, DEFLATE, and CHUNKED encodings for easier debugging
• Headers : Response headers and status
• TextView : Response body
• HexView : Response body in a hexadecimal view
• ImageView : Response body as an Image. Supports all .NET image formats.
• XML : Shows the response body as an XML DOM in a tree view
• Privacy : Provides P3P statement in the response headers, if present

 

Check statistics

It show the estimated performance statistics for the selected HTTP sessions.

It is useful for performance turning.

What is JSON and its features ?

JSON stands for JavaScript Object Notation and used to transfer data between server and client (similar to XML)

Example

employee = {

   "empId" : "143011",

   "name" : "Shaan",

   "age" :  "31"

};

JSON features

• Light-weight
• Useful when data needs to loaded quickly and asynchronously (i.e. using AJAX)
• Standard structure
• Easy to write code as a standard format expected in program
• Language independent
• works well with modern programming languages
• Easier to change server-side language without changing data format
• Easy to read & write
• Text based, human readable

JSON vs. XML

JSON is much more light-weight than XML.

JSON support usage of arrays which is not available in XML.

JSON example

{"employees":[

   {"empId":"143011", "name":"Shaan", "city":"Jhansi"},

   {"empId":"143012", "name":"Rahul", "city":"Agra"},

   {"empId":"143013", "name":"Jatin", "city":"Paris"},

]}

XML example

<employees>

  <employee>

    <empId>143011</empId>

    <name>Shaan</name>

    <city>Jhansi</city>

  </employee>

  <employee>

    <empId>143012</empId>

    <name>Rahul</name>

    <city>Agra</city>

  </employee>

  <employee>

    <empId>143013</empId>

    <name>Jatin</name>

    <city>Paris</city>

  </employee>

</employees>

Session vs. Cookie

Session vs. Cookie

• Sessions are always stored in the server side
• Cookies are always stored in the client side

How do I use a proxy server for HTTP requests ?

If you're writing an application, however you'll have to manually specify the proxy server settings.

You can do this when running a Java application, or you can write code that will specify proxy settings automatically for the user.

To specify proxy settings when running an application, use the -D parameter :

jre -DproxySet=true -DproxyHost=myhost -DproxyPort=myport MyApp

Alternately, your application can maintain a configuration file and specify proxy settings before using a URLConnection :

// Modify system properties

Properties sysProperties  =  System.getProperties();

// Specify proxy settings

sysProperties.put("proxyHost", "myhost");

sysProperties.put("proxyPort", "myport");

sysProperties.put("proxySet", "true");

What are common HTTP status code ?

HTTP Status code definitions

400 Bad Request

• based on client side error

403 Forbidden

• Accessing the page or resource you were trying to reach is absolutely forbidden for some reason.
• ResolutionCheck for URL errors and make sure the actual web page is specified.Make sure the page you're trying to reach is correct.

 

404 Not Found

• The page you are trying to reach could not be found on the server.
• 404 is a client side error.
• ResolutionCheck the URI you have typed in the browser.Move up one directory level in the URIeg. www.xyz.com/d/f/.ctd.html to www.xyz.com/d/f

408 Request Timeout

• Request you sent to the website server (e.g. a request to load a web page) took longer than the website's server was prepared to wait.
• Resolution Many times a slow connection causes the 408 Request Timeout error. this is often only temporary.Trying the page again will often be successful.
  As more users connect to the website means huge increase in traffic by the server.After some time when users left the access, this problem can be resolved.

Which HTTP method is used by the client to check what server receives when request is made ?

TRACE method

What is HTTP protocol ?

The Hypertext Transfer Protocol (HTTP) is an Application Layer protocol for distributed, collaborative, hypermedia information systems.

HTTP is a request-response protocol standard for client-server computing.

In HTTP, a web browser, for example, acts as a client, while an application running on a computer hosting the web site acts as a server. The client submits HTTP requests to the responding server by sending messages to it. The server, which stores content (or resources) such as HTML files and images, or generates such content on the fly, sends messages back to the client in response.

HTTP is called a stateless protocol because each command is executed independently, without any knowledge of the commands that came before it.

Resources to be accessed by HTTP are identified using URIs or URLs — using the http or https URI schemes.

The original version of HTTP, designated HTTP/1.0, was revised in HTTP/1.1.

One of the characteristics in HTTP/1.0 was that it uses a separate connection to the same server for every document, while HTTP/1.1 can reuse the same connection to download, for instance, images for the just served page.

An HTTP session is a sequence of network request-response transactions.

An HTTP client initiates a request. It establishes a Transmission Control Protocol (TCP) connection to a particular port on a host.

An HTTP server listening on that port waits for a client's request message. Upon receiving the request, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own, the body of which is perhaps the requested resource, an error message, or some other information.

https is a URI scheme that is, aside from the scheme token, syntactically identical to the http scheme used for normal HTTP connections, but which signals the browser to use an added encryption layer of SSL/TLS to protect the traffic.

Example

Client request

GET /index.html HTTP/1.1

Host: www.example.com

Server response

HTTP/1.1 200 OK

Date: Mon, 23 May 2005 22:38:34 GMT

Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)

Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT

Etag: "3f80f-1b6-3e1cb03b"

Accept-Ranges: bytes

Content-Length: 438

Connection: close

Content-Type: text/html; charset=UTF-8

Response has already been commited error. What does it mean ?

This error show only when you try to redirect a page after you already have written something in your page.

This happens because HTTP specification force the header to be set up before the layout of the page can be shown 

(To make sure of how it should be displayed, content-type=”text/html”  or  “text/xml”  or  “plain-text” or “image/jpg”,etc.)

When you try to send a redirect status (Number is line_status_402), your HTTP server cannot send it right now if it hasn’t finished to set up the header. If not started to set up the header, there are no problems, but if it ’s already begin to set up the header, then your HTTP server expects these headers to be finished setting up and it cannot be the case if the stream of the page is not over.

In this last case it’s like you have a file started with <HTMLTag><Some Headers><Body> some output (like testing your variables.)

Before you indicate that the file is over (and before the size of the page can be setted up in the header), you try to send are direct status.

It s simply impossible due to the specification of HTTP 1.0 and 1.1

Which HTTP method is used by the client to check what server receives when request is made ?

TRACE method

HTTP Status Code Definitions

HTTP Status Code Definitions

400 Bad Request

400 series is actually based on client side error.

403 Forbidden

The 403 Forbidden error is an HTTP status code that means that accessing the page or resource you were trying to reach is absolutely

forbidden for some reason. the status code 404 (Not Found) can be used instead.

Resolutions

Check for URL errors and make sure the actual web page is specified.

Make sure the page you're trying to reach is correct.

404 Not Found

The page you are trying to reach could not be found on the server.

404 is a client side error.

Resolutions

check the URI you have typed in the browser .

Move up one directory level in the URI

eg. www.xyz.com/d/f/.ctd.html to www.xyz.com/d/f

408 Request Timeout

The request you sent to the website server (e.g. a request to load a web page) took longer than the website's

server was prepared to wait.

Resolutions

Many times a slow connection causes the 408 Request Timeout error. this is often only temporary.

Trying the page again will often be successful.

As more users connect to the website means huge increase in traffic by the server.

After some time when users left the access. This problem can be resolve.